linux服务器巡检脚本

15665410623 · 发表于 2024-1-21 16:42

#!/bin/bash
# @Author: huangzhiyuan
# @Date: 2023-12-25 09:56:57
# @last Modified by:
# @Last Modified time:
# @E-mail: xxx@xxx.cn
#!/bin/bash
#主机信息每日巡检

IPADDR=$(ifconfig ens192|grep 'inet addr'|awk -F '[ :]' '{print $13}')
#环境变量PATH没设好，在cron里执行时有很多命令会找不到
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
source /etc/profile

[ $(id -u) -gt 0 ] && echo "请用root用户执行此脚本！" && exit 1
centosVersion=$(awk '{print $(NF-1)}' /etc/redhat-release)
VERSION="2023-12-25"

#日志相关
PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
[ -f $PROGPATH ] && PROGPATH="."
LOGPATH="$PROGPATH/log"
[ -e $LOGPATH ] || mkdir $LOGPATH
RESULTFILE="$LOGPATH/HostDailyCheck-$IPADDR-`date +%Y%m%d`.txt"

#定义报表的全局变量
report_DateTime="" #日期 ok
report_Hostname="" #主机名 ok
report_OSRelease="" #发行版本 ok
report_Kernel="" #内核 ok
report_Language="" #语言/编码 ok
report_LastReboot="" #最近启动时间 ok
report_Uptime="" #运行时间（天） ok
report_CPUs="" #CPU数量 ok
report_CPUType="" #CPU类型 ok
report_Arch="" #CPU架构 ok
report_MemTotal="" #内存总容量(MB) ok
report_MemFree="" #内存剩余(MB) ok
report_MemUsedPercent="" #内存使用率% ok
report_DiskTotal="" #硬盘总容量(GB) ok
report_DiskFree="" #硬盘剩余(GB) ok
report_DiskUsedPercent="" #硬盘使用率% ok
report_InodeTotal="" #Inode总量 ok
report_InodeFree="" #Inode剩余 ok
report_InodeUsedPercent="" #Inode使用率 ok
report_IP="" #IP地址 ok
report_MAC="" #MAC地址 ok
report_Gateway="" #默认网关 ok
report_DNS="" #DNS ok
report_Listen="" #监听 ok
report_Selinux="" #Selinux ok
report_Firewall="" #防火墙 ok
report_USERs="" #用户 ok
report_USEREmptyPassword="" #空密码用户 ok
report_USERTheSameUID="" #相同ID的用户 ok
report_PasswordExpiry="" #密码过期（天） ok
report_RootUser="" #root用户 ok
report_Sudoers="" #sudo授权 ok
report_SSHAuthorized="" #SSH信任主机 ok
report_SSHDProtocolVersion="" #SSH协议版本 ok
report_SSHDPermitRootLogin="" #允许root远程登录 ok
report_DefunctProsess="" #僵尸进程数量 ok
report_SelfInitiatedService="" #自启动服务数量 ok
report_SelfInitiatedProgram="" #自启动程序数量 ok
report_RuningService="" #运行中服务数 ok
report_Crontab="" #计划任务数 ok
report_Syslog="" #日志服务 ok
report_SNMP="" #SNMP OK
report_NTP="" #NTP ok
report_JDK="" #JDK版本 ok
function version(){
echo ""
echo ""
echo "系统巡检脚本：Version $VERSION"
}

function getCpuStatus(){
echo ""
echo ""
echo "############################ CPU检查 #############################"
Physical_CPUs=$(grep "physical id" /proc/cpuinfo| sort | uniq | wc -l)
Virt_CPUs=$(grep "processor" /proc/cpuinfo | wc -l)
CPU_Kernels=$(grep "cores" /proc/cpuinfo|uniq| awk -F ': ' '{print $2}')
CPU_Type=$(grep "model name" /proc/cpuinfo | awk -F ': ' '{print $2}' | sort | uniq)
CPU_Arch=$(uname -m)
echo "物理CPU个数:$Physical_CPUs"
echo "逻辑CPU个数:$Virt_CPUs"
echo "每CPU核心数:$CPU_Kernels"
echo " CPU型号:$CPU_Type"
echo " CPU架构:$CPU_Arch"
#报表信息
report_CPUs=$Virt_CPUs #CPU数量
report_CPUType=$CPU_Type #CPU类型
report_Arch=$CPU_Arch #CPU架构
}

function getMemStatus(){
echo ""
echo ""
echo "############################ 内存检查 ############################"
#if [[  $centosVersion  /tmp/inode
#if [[ $centosVersion > 7 ]]; then
if [[ "$centosVersion" == "desired_version" ]]; then
df -hTP | sed 's/Mounted on/Mounted/'> /tmp/disk
join /tmp/disk /tmp/inode | awk '{print $1,$2,"|",$3,$4,$5,$6,"|",$8,$9,$10,$11,"|",$12}'| column -t
#报表信息
diskdata=$(df -TP | sed '1d' | awk '$2!="tmpfs"{print}') #KB
disktotal=$(echo "$diskdata" | awk '{total+=$3}END{print total}') #KB
diskused=$(echo "$diskdata" | awk '{total+=$4}END{print total}') #KB
diskfree=$((disktotal-diskused)) #KB
diskusedpercent=$(echo $disktotal $diskused | awk '{if($1==0){printf 100}else{printf "%.2f",$2*100/$1}}')
inodedata=$(df -iTP | sed '1d' | awk '$2!="tmpfs"{print}')
inodetotal=$(echo "$inodedata" | awk '{total+=$3}END{print total}')
inodeused=$(echo "$inodedata" | awk '{total+=$4}END{print total}')
inodefree=$((inodetotal-inodeused))
inodeusedpercent=$(echo $inodetotal $inodeused | awk '{if($1==0){printf 100}else{printf "%.2f",$2*100/$1}}')
report_DiskTotal=$((disktotal/1024/1024))"GB" #硬盘总容量(GB)
report_DiskFree=$((diskfree/1024/1024))"GB" #硬盘剩余(GB)
report_DiskUsedPercent="$diskusedpercent""%" #硬盘使用率%
report_InodeTotal=$((inodetotal/1000))"K" #Inode总量
report_InodeFree=$((inodefree/1000))"K" #Inode剩余
report_InodeUsedPercent="$inodeusedpercent""%" #Inode使用率%
fi
}

function getSystemStatus(){
      echo ""
      echo ""
      echo "############################ 系统检查 ############################"
      if [ -e /etc/sysconfig/i18n ];then
            default_LANG="$(grep "LANG=" /etc/sysconfig/i18n | grep -v "^#" | awk -F '"' '{print $2}')"
      else
            default_LANG=$LANG
      fi
      export LANG="en_US.UTF-8"
      Release=$(cat /etc/redhat-release 2>/dev/null)
      Kernel=$(uname -r)
      OS=$(uname -o)
      Hostname=$(uname -n)
      SELinux=$(/usr/sbin/sestatus | grep "SELinux status: " | awk '{print $3}')
      LastReboot=$(who -b | awk '{print $3,$4}')
      uptime=$(uptime | sed 's/.*up $[^,]*$, .*/\1/')
      echo " 系统：$OS"
      echo " 发行版本：$Release"
      echo " 内核：$Kernel"
      echo " 主机名：$Hostname"
      echo " SELinux：$SELinux"
      echo "语言/编码：$default_LANG"
      echo " 当前时间：$(date +'%F %T')"
      echo " 最后启动：$LastReboot"
      echo " 运行时间：$uptime"
      #报表信息
      report_DateTime=$(date +"%F %T") #日期
      report_Hostname="$Hostname" #主机名
      report_OSRelease="$Release" #发行版本
      report_Kernel="$Kernel" #内核
      report_Language="$default_LANG" #语言/编码
      report_LastReboot="$LastReboot" #最近启动时间
      report_Uptime="$uptime" #运行时间（天）
      report_Selinux="$SELinux"
      export LANG="$default_LANG"

}

function getServiceStatus(){
      echo ""
      echo ""
      echo "############################ 服务检查 ############################"
      echo ""
      if [[ $centosVersion > 7 ]];then
            conf=$(systemctl list-unit-files --type=service --state=enabled --no-pager | grep "enabled")
            process=$(systemctl list-units --type=service --state=running --no-pager | grep ".service")
            #报表信息
            report_SelfInitiatedService="$(echo "$conf" | wc -l)" #自启动服务数量
            report_RuningService="$(echo "$process" | wc -l)" #运行中服务数量
      else
            conf=$(/sbin/chkconfig | grep -E ":on|:启用")
            process=$(/sbin/service --status-all 2>/dev/null | grep -E "is running|正在运行")
            #报表信息
            report_SelfInitiatedService="$(echo "$conf" | wc -l)" #自启动服务数量
            report_RuningService="$(echo "$process" | wc -l)" #运行中服务数量
      fi
      echo "服务配置"
      echo "--------"
      echo "$conf" | column -t
      echo ""
      echo "正在运行的服务"
      echo "--------------"
      echo "$process"

}
function getAutoStartStatus(){
echo ""
echo ""
echo "############################ 自启动检查 ##########################"
conf=$(grep -v "^#" /etc/rc.d/rc.local | sed '/^$/d')
echo "$conf"
# 报表信息
report_SelfInitiatedProgram="$(echo $conf | wc -l)" # 自启动程序数量
}

function getLoginStatus(){
echo ""
echo ""
echo "############################ 登录检查 ############################"
last | head
}

function  getNetworkStatus(){
echo ""
echo ""
echo "############################ 网络检查 ############################"
if [[ $centosVersion ]]; then
      # 检查网络接口
      echo "网络接口情况："
      ifconfig -a

      # Ping 一些地址
      echo "Ping 测试："
      ping -c 4 baidu.com

      # 可以根据实际需求添加其他网络检查逻辑
fi
# 报表信息
report_Crontab="$Crontab" # 计划任务数
}

function getHowLongAgo(){
# 计算一个时间戳离现在有多久了
datetime="$*"
if [ -z "$datetime" ]; then
      echo "错误的参数：getHowLongAgo() $*"
fi
Timestamp=$(date +%s -d "$datetime") # 转化为时间戳
Now_Timestamp=$(date +%s)
Difference_Timestamp=$(($Now_Timestamp-$Timestamp))
days=0; hours=0; minutes=0;
sec_in_day=$((60*60*24));
sec_in_hour=$((60*60));
sec_in_minute=60
while (( $(($Difference_Timestamp-$sec_in_day)) > 1 )); do
      let Difference_Timestamp=Difference_Timestamp-sec_in_day
      let days++
done
while (( $(($Difference_Timestamp-$sec_in_hour)) > 1 )); do
      let Difference_Timestamp=Difference_Timestamp-sec_in_hour
      let hours++
done
echo "$days 天 $hours 小时前"
}

function  getUserLastLogin(){
# 获取用户最近一次登录的时间，含年份
# 很遗憾last命令不支持显示年份，只有"last -t YYYYMMDDHHMMSS"表示某个时间之间的登录，我们只能用最笨的方法了，
# 对比今天之前和今年元旦之前（或者去年之前和前年之前……）某个用户登录次数，如果登录统计次数有变化，则说明最近一次登录是今年。
username=$1
: ${username:="`whoami`"}
thisYear=$(date +%Y)
oldesYear=$(last | tail -n1 | awk '{print $NF}')
while (( $thisYear >= $oldesYear )); do
      loginBeforeToday=$(last $username | grep $username | wc -l)
      loginBeforeNewYearsDayOfThisYear=$(last $username -t $thisYear"0101000000" | grep $username | wc -l)
      if [ $loginBeforeToday -eq 0 ]; then
         echo "从未登录过"
         break
      elif [ $loginBeforeToday -gt $loginBeforeNewYearsDayOfThisYear ]; then
         lastDateTime=$(last -i $username | head -n1 | awk '{for(i=4;i1{print $2}')
         for uid in $UIDs; do
            echo -n "$uid";
            USERTheSameUID="$uid"
            r=$(awk -F: 'ORS="";$3=='"$uid"'{print ":",$1}' /etc/passwd)
            echo "$r"
            echo ""
            USERTheSameUID="$USERTheSameUID $r,"
         done
         # 报表信息
         report_USERs="$USERs" # 用户
         report_USEREmptyPassword=$(echo $USEREmptyPassword | sed 's/^,//')
         report_USERTheSameUID=$(echo $USERTheSameUID | sed 's/,$//')
         report_RootUser=$(echo $RootUser | sed 's/^,//') # 特权用户
         break
      fi
      # 当前年份递减，继续循环
      thisYear=$(( thisYear - 1 ))
done
}

function  getPasswordStatus {
echo ""
echo ""
echo "############################ 密码检查 ############################"
pwdfile="$(cat /etc/passwd)"
echo ""
echo "密码过期检查"
echo "------------"
result=""
for shell in $(grep -v "/sbin/nologin" /etc/shells);do
for user in $(echo "$pwdfile" | grep "$shell" | cut -d: -f1);do
get_expiry_date=$(/usr/bin/chage -l $user | grep 'Password expires' | cut -d: -f2)
if [[ $get_expiry_date = ' never' || $get_expiry_date = 'never' ]];then
printf "%-15s 永不过期\n" $user
result="$result,$user:never"
else
password_expiry_date=$(date -d "$get_expiry_date" "+%s")
current_date=$(date "+%s")
diff=$(($password_expiry_date-$current_date))
let DAYS=$(($diff/(60*60*24)))
printf "%-15s %s天后过期\n" $user $DAYS
result="$result,$user:$DAYS days"
fi
done
done
report_PasswordExpiry=$(echo $result | sed 's/^,//')

echo ""
echo "密码策略检查"
echo "------------"
grep -v "#" /etc/login.defs | grep -E "PASS_MAX_DAYS|PASS_MIN_DAYS|PASS_MIN_LEN|PASS_WARN_AGE"

}

function getSudoersStatus(){
      echo ""
      echo ""
      echo "############################ Sudoers检查 #########################"
      conf=$(grep -v "^#" /etc/sudoers| grep -v "^Defaults" | sed '/^$/d')
      echo "$conf"
      echo ""
      #报表信息
      report_Sudoers="$(echo $conf | wc -l)"
}

function getInstalledStatus(){
      echo ""
      echo ""
      echo "############################ 软件检查 ############################"
      rpm -qa --last | head | column -t
}

function getProcessStatus(){
      echo ""
      echo ""
      echo "############################ 进程检查 ############################"
      if [ $(ps -ef | grep defunct | grep -v grep | wc -l) -ge 1 ];then
            echo ""
            echo "僵尸进程";
            echo "--------"
            ps -ef | head -n1
            ps -ef | grep defunct | grep -v grep
      fi
      echo ""
      echo "内存占用TOP10"
      echo "-------------"
      echo -e "PID %MEM RSS COMMAND
      $(ps aux | awk '{print $2, $4, $6, $11}' | sort -k3rn | head -n 10 )"| column -t
      echo ""
      echo "CPU占用TOP10"
      echo "------------"
      top b -n1 | head -17 | tail -11
      #报表信息
      report_DefunctProsess="$(ps -ef | grep defunct | grep -v grep|wc -l)"
}

function getJDKStatus(){
      echo ""
      echo ""
      echo "############################ JDK检查 #############################"
      java -version 2>/dev/null
      if [ $? -eq 0 ];then
            java -version 2>&1
      fi
      echo "JAVA_HOME=\"$JAVA_HOME\""
      #报表信息
      report_JDK="$(java -version 2>&1 | grep version | awk '{print $1,$3}' | tr -d '"')"
}
function getSyslogStatus(){
      echo ""
      echo ""
      echo "############################ syslog检查 ##########################"
      echo "服务状态：$(getState rsyslog)"
      echo ""
      echo "/etc/rsyslog.conf"
      echo "-----------------"
      cat /etc/rsyslog.conf 2>/dev/null | grep -v "^#" | grep -v "^\\$" | sed '/^$/d' | column -t
      #报表信息
      report_Syslog="$(getState rsyslog)"
}

function  getFirewallStatus(){
echo ""
echo ""
echo "############################ 防火墙检查 ##########################"
# 防火墙状态，策略等
if [[ "$centosVersion" == "/dev/null" ]]; then
      status=$?
      if [ $status -eq 0 ]; then
         s="active"
      elif [ $status -eq 3 ]; then
         s="inactive"
      elif [ $status -eq 4 ]; then
         s="permission denied"
      else
         s="unknown"
      fi
else
      s="$(getState iptables)"
fi
echo "iptables: $s"
echo ""
echo "/etc/sysconfig/iptables"
echo "-----------------------"
cat /etc/sysconfig/iptables 2>/dev/null
# 报表信息
report_Firewall="$s"
}

function getSNMPStatus(){
      #SNMP服务状态，配置等
      echo ""
      echo ""
      echo "############################ SNMP检查 ############################"
      status="$(getState snmpd)"
      echo "服务状态：$status"
      echo ""
      if [ -e /etc/snmp/snmpd.conf ];then
            echo "/etc/snmp/snmpd.conf"
            echo "--------------------"
            cat /etc/snmp/snmpd.conf 2>/dev/null | grep -v "^#" | sed '/^$/d'
      fi
      #报表信息
      report_SNMP="$(getState snmpd)"
}

function  getState(){
if [[ "$centosVersion" == "/dev/null" ]]; then
      if ps aux | grep -v grep | grep "$1" > /dev/null; then
         r="active"
      else
         r="inactive"
      fi
else
      if [ -e /etc/init.d/$1 ]; then
         if /etc/init.d/$1 status | grep -E "is running|正在运行" > /dev/null; then
            r="active"
         else
            r="inactive"
         fi
      else
         # CentOS 7+
         r="$(systemctl is-active $1 2>&1)"
      fi
fi
echo "$r"
}

function  getSSHStatus(){
echo ""
echo ""
echo "############################ SSH检查 #############################"
# 检查受信任主机
pwdfile="$(cat /etc/passwd)"
echo "服务状态：$(getState sshd)"
Protocol_Version=$(awk '/^Protocol/ {print $2}' /etc/ssh/sshd_config)
echo "SSH协议版本：$Protocol_Version"
echo ""
echo "信任主机"
echo "--------"
authorized=0
while IFS=: read -r user _ _ _ _ home _; do
      authorize_file="$home/.ssh/authorized_keys"
      authorized_host=$(awk '{print $3}' "$authorize_file" 2>/dev/null | tr '\n' ',' | sed 's/,$//')
      if [ -n "$authorized_host" ]; then
         echo "$user 授权 \"$authorized_host\" 无密码访问"
      fi
      authorized=$((authorized + $(awk '{print $3}' "$authorize_file" 2>/dev/null | wc -l)))
done <<< "$(echo "$pwdfile" | grep /bin/bash | awk -F: '{print $1,$6}')"

echo ""
echo "是否允许ROOT远程登录"
echo "--------------------"
config=$(awk '/^PermitRootLogin/ {print $2}' /etc/ssh/sshd_config)
firstChar=${config:0:1}
if [ "$firstChar" == "#" ]; then
      PermitRootLogin="yes"  # 默认是允许ROOT远程登录的
else
      PermitRootLogin="$config"
fi
}

cat /etc/ssh/sshd_config | grep -v "^#" | sed '/^$/d'
rt_SSHAuthorized="$authorized" #SSH信任主机
report_SSHDProtocolVersion="$Protocol_Version" #SSH协议版本
report_SSHDPermitRootLogin="$PermitRootLogin" #允许root远程登录

function getNTPStatus(){
#NTP服务状态，当前时间，配置等
echo ""
echo ""
echo "############################ NTP检查 #############################"
if [ -e /etc/ntp.conf ];then
echo "服务状态：$(getState ntpd)"
echo ""
echo "/etc/ntp.conf"
echo "-------------"
cat /etc/ntp.conf 2>/dev/null | grep -v "^#" | sed '/^$/d'
fi
#报表信息
report_NTP="$(getState ntpd)"
}

function uploadHostDailyCheckReport(){
      json="{
      \"DateTime\":\"$report_DateTime\",
      \"Hostname\":\"$report_Hostname\",
      \"OSRelease\":\"$report_OSRelease\",
      \"Kernel\":\"$report_Kernel\",
      \"Language\":\"$report_Language\",
      \"LastReboot\":\"$report_LastReboot\",
      \"Uptime\":\"$report_Uptime\",
      \"CPUs\":\"$report_CPUs\",
      \"CPUType\":\"$report_CPUType\",
      \"Arch\":\"$report_Arch\",
      \"MemTotal\":\"$report_MemTotal\",
      \"MemFree\":\"$report_MemFree\",
      \"MemUsedPercent\":\"$report_MemUsedPercent\",
      \"DiskTotal\":\"$report_DiskTotal\",
      \"DiskFree\":\"$report_DiskFree\",
      \"DiskUsedPercent\":\"$report_DiskUsedPercent\",
      \"InodeTotal\":\"$report_InodeTotal\",
      \"InodeFree\":\"$report_InodeFree\",
      \"InodeUsedPercent\":\"$report_InodeUsedPercent\",
      \"IP\":\"$report_IP\",
      \"MAC\":\"$report_MAC\",
      \"Gateway\":\"$report_Gateway\",
      \"DNS\":\"$report_DNS\",
      \"Listen\":\"$report_Listen\",
      \"Selinux\":\"$report_Selinux\",
      \"Firewall\":\"$report_Firewall\",
      \"USERs\":\"$report_USERs\",
      \"USEREmptyPassword\":\"$report_USEREmptyPassword\",
      \"USERTheSameUID\":\"$report_USERTheSameUID\",
      \"PasswordExpiry\":\"$report_PasswordExpiry\",
      \"RootUser\":\"$report_RootUser\",
      \"Sudoers\":\"$report_Sudoers\",
      \"SSHAuthorized\":\"$report_SSHAuthorized\",
      \"SSHDProtocolVersion\":\"$report_SSHDProtocolVersion\",
      \"SSHDPermitRootLogin\":\"$report_SSHDPermitRootLogin\",
      \"DefunctProsess\":\"$report_DefunctProsess\",
      \"SelfInitiatedService\":\"$report_SelfInitiatedService\",
      \"SelfInitiatedProgram\":\"$report_SelfInitiatedProgram\",
      \"RuningService\":\"$report_RuningService\",
      \"Crontab\":\"$report_Crontab\",
      \"Syslog\":\"$report_Syslog\",
      \"SNMP\":\"$report_SNMP\",
      \"NTP\":\"$report_NTP\",
      \"JDK\":\"$report_JDK\"
}"
#echo "$json"
curl -l -H "Content-type: application/json" -X POST -d "$json" "$uploadHostDailyCheckReportApi" 2>/dev/null
}

function getchage_file_24h()
{
      echo "############################ 文件检查 #############################"
         check2=$(find / -name '*.sh' -mtime -1)
         check21=$(find / -name '*.asp' -mtime -1)
         check22=$(find / -name '*.php' -mtime -1)
         check23=$(find / -name '*.aspx' -mtime -1)
         check24=$(find / -name '*.jsp' -mtime -1)
         check25=$(find / -name '*.html' -mtime -1)
         check26=$(find / -name '*.htm' -mtime -1)
         check9=$(find / -name core -exec ls -l {} \;)
         check10=$(cat /etc/crontab)
         check12=$(ls -alt /usr/bin | head -10)
         cat < $RESULTFILE

         echo "检查结果：$RESULTFILE"
         echo -e "`date "+%Y-%m-%d %H:%M:%S"` 巡检报告"  | mail -a $RESULTFILE -s "巡检报告"
xxx@xxx.cn
}

yzyyy · 发表于 2024-1-21 20:21

感谢感谢

GMCN · 发表于 2024-1-21 22:37

楼主能不能发个文件链接，复制的格式有点乱

chaohao1988 · 发表于 2024-1-21 23:12

楼主能不能发个文件链接，复制的格式有点乱+1

meder · 发表于 2024-1-21 23:32

不错不错

yjyhj16898 · 发表于 2024-1-22 00:01

比较有参考意义，以后用上了再来看~

ydb7007 · 发表于 2024-1-22 07:45

大好人啊，这个还是可以参考的

lcg2014 · 发表于 2024-1-22 11:08

真不错，谢谢分享

tmabc123 · 发表于 2024-1-22 11:18

谢谢楼主分享

warmlamb · 发表于 2024-1-22 11:57

提示: 作者被禁止或删除内容自动屏蔽

帐号		自动登录	找回密码
密码			注册[Register]

[学习记录] linux服务器巡检脚本

免费评分

warmlamb warmlamb 当前离线好友阅读权限 0 听众最后登录 1970-1-1 头像被屏蔽	10^# warmlamb 发表于 2024-1-22 11:57 提示: 作者被禁止或删除内容自动屏蔽

	回复支持举报